A new cyber threat has emerged in the form of Coyote malware, a stealthy banking trojan that targets Windows users in India. This malicious software uses Windows UI Automation tools—typically designed for accessibility features—to hijack sensitive user information, especially online banking credentials.
Background
The malware was first identified by cybersecurity researchers at Kaspersky, who revealed that Coyote is being actively used to attack users primarily in India and Brazil. It poses as legitimate applications and leverages Microsoft’s accessibility framework to monitor user behavior and steal credentials typed into banking websites.
This malware replaces older variants in the Brazilian banking malware family, showcasing a major technical evolution and cross-regional expansion of cyberattacks aimed at financial fraud.
Risk Breakdown
Coyote’s attack chain involves:
Fake installations: Delivered through malicious email attachments or bundled software.
UI Automation abuse: It mimics user interactions to extract banking login info without being detected.
Modular payloads: Components dynamically update to bypass traditional antivirus detection.
Geotargeted campaigns: Specifically configured to activate only on devices with Indian or Brazilian regional settings.
The malware avoids detection by not using keyloggers or screen capture tools—instead, it relies on reading UI elements programmatically, making it more evasive.
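Because no keylogger or screen-capture component is involved, one signal left for defenders is which processes load the Windows UI Automation library (UIAutomationCore.dll). The sketch below is an added example, not code from the article or from the researchers it cites; it triages module-load telemetry for that signal. The field names, signer allowlist, path markers and sample records are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumptions: field names (process_path, process_signer, module_path) are
# hypothetical, not a specific product's schema; the signer allowlist and
# path markers are illustrative and need tuning per environment.
UIA_DLL = "uiautomationcore.dll"
TRUSTED_SIGNERS = {"microsoft windows", "microsoft corporation", "google llc"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed sample module-load records, not real telemetry.
SAMPLE_EVENTS = [
    {"process_path": r"C:\Windows\System32\Narrator.exe",
     "process_signer": "Microsoft Windows",
     "module_path": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"process_path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "process_signer": "Google LLC",
     "module_path": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"process_path": r"C:\Users\alice\AppData\Local\Temp\setup_helper.exe",
     "process_signer": "",
     "module_path": r"C:\Windows\System32\kernel32.dll"},
    {"process_path": r"C:\Users\alice\AppData\Local\Temp\setup_helper.exe",
     "process_signer": "",
     "module_path": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"process_path": r"C:\Program Files\NotePlus\noteplus.exe",
     "process_signer": "Example Software Ltd",
     "module_path": r"C:\Windows\System32\UIAutomationCore.dll"},
]

def triage_uia_loads(events):
    """Map each process that loads the UIA library to the reasons it needs review."""
    findings = {}
    for ev in events:
        if ntpath.basename(ev["module_path"]).lower() != UIA_DLL:
            continue  # only loads of the UI Automation core library matter here
        proc = ev["process_path"]
        signer = (ev.get("process_signer") or "").strip().lower()
        reasons = set(findings.get(proc, ()))
        if not signer:
            reasons.add("unsigned")
        elif signer not in TRUSTED_SIGNERS:
            reasons.add("untrusted-signer")
        if any(marker in proc.lower() for marker in USER_WRITABLE):
            reasons.add("user-writable-path")
        if reasons:
            findings[proc] = sorted(reasons)
    return findings

if __name__ == "__main__":
    for proc, reasons in triage_uia_loads(SAMPLE_EVENTS).items():
        print(f"REVIEW {proc}: {', '.join(reasons)}")
```

Legitimate assistive tools and browsers also load this library, so the output is a review queue to correlate with other telemetry, not a verdict.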
Expert Views
“The use of UI automation for credential theft is a serious evolution in malware sophistication. It bypasses traditional protections,” noted CA Manish Mishra.
“This is a wake-up call for Indian banks and regulators to reinforce endpoint protection, especially for remote banking platforms,” said CA Manoj Kumar Singh.
Market & Consumer Implications
The emergence of Coyote malware can impact both individual users and financial institutions, potentially causing:
Breach of customer trust in online banking platforms.
Financial losses via unauthorized transactions.
Urgent need for behavioral anomaly detection and AI-led fraud prevention tools.
With India’s rising digital adoption in banking and fintech, such malware can severely threaten the financial ecosystem if security hygiene is not strengthened.
Preventive Measures
Security experts recommend:
Keeping all Windows systems and antivirus tools up to date.
Avoiding downloads from unknown sources or suspicious email attachments.
Enabling multi-factor authentication for online banking.
For institutions, deploying behavior-based threat monitoring on digital platforms.
Conclusion
The Coyote malware reflects a growing trend in intelligent cybercrime, where legitimate software functions are exploited for malicious gains. As India continues its push toward digital banking, cybersecurity must evolve in tandem. A collaborative response from banks, users, and regulators will be crucial to curb this new wave of credential theft.